| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group and Guardians of Peace. Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover, Duuzer, and Hangman.
| 2025-06-24
⋅
Bridewell
⋅
2025 Cyber Threat Intelligence Report AsyncRAT Brute Ratel C4 Cobalt Strike Fog Ghost RAT Lumma Stealer Meduza Stealer Quasar RAT RedLine Stealer Sliver |
| 2025-04-25
⋅
HiSolutions
⋅
Rolling in the Deep(Web): Lazarus Tsunami tsunami |
| 2025-02-05
⋅
Bitdefender
⋅
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam tsunami |
| 2024-12-26
⋅
⋅
Weixin
⋅
Analysis of the attack activities of APT-C-26 (Lazarus) using weaponized IPMsg software ComeBacker |
| 2024-11-17
⋅
Post about Tsunami tsunami |
| 2024-10-30
⋅
Palo Alto Networks Unit 42
⋅
Jumpy Pisces Engages in Play Ransomware Dtrack MimiKatz PLAY Sliver |
| 2024-10-23
⋅
ANY.RUN
⋅
DarkComet RAT: Technical Analysis of Attack Chain DarkComet |
| 2024-10-13
⋅
Doubleagent.net
⋅
FASTCash for Linux FastCash |
| 2024-10-03
⋅
Virus Bulletin
⋅
Sugarcoating KANDYKORN: a sweet dive into a sophisticated MacOS backdoor HLOADER KANDYKORN SUGARLOADER |
| 2024-09-19
⋅
Gen Digital
⋅
Evolution of Lazarus ‘FudModule - no longer (stand)alone’ FudModule |
| 2024-08-30
⋅
Microsoft
⋅
North Korean threat actor Citrine Sleet exploiting Chromium zero-day FudModule Lazarus Group |
| 2024-07-29
⋅
Mandiant
⋅
UNC4393 Goes Gently into the SILENTNIGHT Black Basta QakBot sRDI SystemBC Zloader UNC3973 UNC4393 |
| 2024-07-10
⋅
Akamai
⋅
CVE-2024-4577 Exploits in the Wild One Day After Disclosure Tsunami Ghost RAT xmrig |
| 2024-07-05
⋅
⋅
Weixin
⋅
APT-C-26 (Lazarus) uses PyPI to attack Windows, Linux, and macOS platforms SimpleTea SimpleTea |
| 2024-05-23
⋅
Palo Alto Networks Unit 42
⋅
Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia Agent Racoon CHINACHOPPER Ghost RAT JuicyPotato MimiKatz Ntospy PlugX SweetSpecter TunnelSpecter CL-STA-0043 |
| 2024-04-18
⋅
Avast
⋅
From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams FudModule |
| 2024-04-15
⋅
⋅
CheckMal
⋅
MarraCrypt ransomware resembles Hermes ransomware Hermes MarraCrypt |
| 2024-02-29
⋅
Vipyr Security
⋅
Novel ELF64 Remote Access Tool Embedded in Malicious PyPI Uploads SimpleTea |
| 2024-02-28
⋅
Avast Decoded
⋅
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day FudModule |
| 2024-01-05
⋅
Twitter (@greglesnewich)
⋅
Tweets about a SpectralBlur a macOS sample SpectralBlur |
| 2024-01-05
⋅
Twitter (@X__Junior)
⋅
Tweet about a SpectralBlur Linux sample SpectralBlur |
| 2023-12-05
⋅
Kaspersky Labs
⋅
BlueNoroff: new Trojan attacking macOS users RustBucket |
| 2023-11-27
⋅
SentinelOne
⋅
DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads HLOADER KANDYKORN RustBucket SUGARLOADER |
| 2023-11-22
⋅
Microsoft
⋅
Diamond Sleet supply chain compromise distributes a modified CyberLink installer LambLoad |
| 2023-11-20
⋅
PWC
⋅
King of Thieves: Black Alicanto and the Ecosystem of North Korea-Based Cyber Operations RustBucket CageyChameleon RustBucket |
| 2023-11-10
⋅
⋅
HAURI
⋅
Detailed analysis report: Malware disguised as Putty (Lazarus APT) ComeBacker |
| 2023-10-31
⋅
Elastic
⋅
Elastic catches DPRK passing out KANDYKORN HLOADER KANDYKORN SUGARLOADER |
| 2023-10-27
⋅
Kaspersky
⋅
A cascade of compromise: unveiling Lazarus’ new campaign LPEClient PostNapTea |
| 2023-10-26
⋅
ESET Research
⋅
ESET APT Activity Report Q2–Q3 2023 SimpleTea LODEINFO |
| 2023-10-18
⋅
Microsoft
⋅
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability FeedLoad ForestTiger HazyLoad RollSling Silent Chollima |
| 2023-10-18
⋅
Kaspersky Labs
⋅
Updated MATA attacks industrial companies in Eastern Europe Dacls Unidentified 106 |
| 2023-10-17
⋅
⋅
AhnLab
⋅
Lazarus Group’s Operation Dream Magic LazarDoor wAgentTea |
| 2023-10-13
⋅
AhnLab
⋅
Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malware JessieConTea Scout Volgmer |
| 2023-10-04
⋅
Virus Bulletin
⋅
Lazarus Campaigns and Backdoors in 2022-23 SimpleTea POOLRAT 3CX Backdoor BLINDINGCAN CLOUDBURST DRATzarus ForestTiger ImprudentCook LambLoad LightlessCan miniBlindingCan PostNapTea SnatchCrypto wAgentTea WebbyTea WinInetLoader |
| 2023-09-29
⋅
ESET Research
⋅
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company CLOUDBURST LightlessCan miniBlindingCan sRDI |
| 2023-09-27
⋅
Positive Technologies
⋅
Dark River. You can't see them, but they're there Dacls Unidentified 106 |
| 2023-09-22
⋅
Mandiant
⋅
Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations Brute Ratel C4 Cobalt Strike EnvyScout GraphDrop QUARTERRIG sRDI Unidentified 107 (APT29) |
| 2023-08-31
⋅
AhnLab
⋅
Analysis of Andariel’s New Attack Activities Andardoor BlackRemote Tiger RAT Volgmer |
| 2023-08-30
⋅
Kaspersky Labs
⋅
IT threat evolution in Q2 2023 3CX Backdoor Bankshot BLINDINGCAN GoldMax Kazuar QUIETCANARY tomiris GoldenJackal |
| 2023-08-22
⋅
⋅
AhnLab
⋅
Analyzing the new attack activity of the Andariel group Andardoor MimiKatz QuiteRAT Tiger RAT Volgmer |
| 2023-07-05
⋅
SentinelOne
⋅
BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection RustBucket |
| 2023-06-29
⋅
Elastic
⋅
The DPRK strikes using a new variant of RUSTBUCKET RustBucket |
| 2023-06-08
⋅
⋅
AhnLab
⋅
Lazarus Group exploiting vulnerabilities in domestic financial security solutions LazarDoor LazarLoader |
| 2023-05-25
⋅
YouTube (BSidesCharm)
⋅
it’s all Magic(RAT) – A look into recent North Korean nation-state attacks MagicRAT VSingle YamaBot |
| 2023-05-22
⋅
Sekoia
⋅
Bluenoroff’s RustBucket campaign RustBucket WebbyTea |
| 2023-05-01
⋅
JPCERT/CC
⋅
Attack trends related to the attack campaign DangerousPassword RustBucket CageyChameleon Cur1Downloader SnatchCrypto |
| 2023-04-24
⋅
Cofense
⋅
Open-Source Gh0st RAT Still Haunting Inboxes 15 Years After Release Ghost RAT |
| 2023-04-21
⋅
Jamf Blog
⋅
BlueNoroff APT group targets macOS with ‘RustBucket’ Malware RustBucket |
| 2023-04-21
⋅
Symantec
⋅
X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe VEILEDSIGNAL |
| 2023-04-20
⋅
3CX
⋅
Security Update Thursday 20 April 2023 – Initial Intrusion Vector Found POOLRAT |
| 2023-04-20
⋅
Mandiant
⋅
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible POOLRAT IconicStealer UNC4736 |
| 2023-04-20
⋅
ESET Research
⋅
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack BADCALL SimpleTea POOLRAT 3CX Backdoor BADCALL IconicStealer |
| 2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
| 2023-04-13
⋅
Intel 471
⋅
From GhostNet to PseudoManuscrypt - The evolution of Gh0st RAT BBSRAT Gh0stTimes Ghost RAT PseudoManuscrypt |
| 2023-04-12
⋅
Kaspersky Labs
⋅
Following the Lazarus group by tracking DeathNote campaign Bankshot BLINDINGCAN ForestTiger LambLoad LPEClient MimiKatz NedDnLoader Racket Downloader Volgmer |
| 2023-04-03
⋅
Twitter (@kucher1n)
⋅
Tweet on an alternative Guporam sample Gopuram |
| 2023-04-03
⋅
Youtube (MalwareAnalysisForHedgehogs)
⋅
Malware Analysis - 3CX SmoothOperator ffmpeg.dll with Binary Ninja 3CX Backdoor |
| 2023-04-03
⋅
Kaspersky Labs
⋅
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack Gopuram |
| 2023-04-01
⋅
Github (dodo-sec)
⋅
SmoothOperator 3CX Backdoor |
| 2023-04-01
⋅
Objective-See
⋅
Ironing out (the macOS) details of a Smooth Operator (Part II) 3CX Backdoor |
| 2023-03-31
⋅
splunk
⋅
Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise 3CX Backdoor |
| 2023-03-31
⋅
cyble
⋅
A Comprehensive Analysis of the 3CX Attack 3CX Backdoor |
| 2023-03-31
⋅
Reversing Labs
⋅
Red flags flew over software supply chain-compromised 3CX update 3CX Backdoor |
| 2023-03-31
⋅
Blackberry
⋅
Initial Implants and Network Analysis Suggest the 3CX Supply Chain Operation Goes Back to Fall 2022 3CX Backdoor |
| 2023-03-31
⋅
Zscaler
⋅
3CX Supply Chain Attack Campaign Campaign Analysis 3CX Backdoor |
| 2023-03-31
⋅
Group-IB
⋅
36gate: supply chain attack 3CX Backdoor |
| 2023-03-31
⋅
vmware
⋅
Investigating 3CX Desktop Application Attacks: What You Need to Know 3CX Backdoor |
| 2023-03-30
⋅
OALabs
⋅
3CX Supply Chain Attack 3CX Backdoor |
| 2023-03-30
⋅
Trend Micro
⋅
Developing Story: Information on Attacks Involving 3CX Desktop App 3CX Backdoor IconicStealer |
| 2023-03-30
⋅
Fortiguard
⋅
3CX Desktop App Compromised (CVE-2023-29059) 3CX Backdoor |
| 2023-03-30
⋅
CrowdStrike
⋅
2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers 3CX Backdoor |
| 2023-03-30
⋅
Cado Security
⋅
Forensic Triage of a Windows System running the Backdoored 3CX Desktop App 3CX Backdoor |
| 2023-03-30
⋅
Volexity
⋅
3CX Supply Chain Compromise Leads to ICONIC Incident 3CX Backdoor IconicStealer |
| 2023-03-30
⋅
Elastic
⋅
Elastic users protected from SUDDENICON’s supply chain attack 3CX Backdoor |
| 2023-03-30
⋅
Rapid7 Labs
⋅
Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign 3CX Backdoor |
| 2023-03-30
⋅
Huntress Labs
⋅
3CX VoIP Software Compromise & Supply Chain Threats 3CX Backdoor |
| 2023-03-30
⋅
Symantec
⋅
3CX: Supply Chain Attack Affects Thousands of Users Worldwide 3CX Backdoor IconicStealer |
| 2023-03-29
⋅
SentinelOne
⋅
SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack 3CX Backdoor |
| 2023-03-29
⋅
Objective-See
⋅
Ironing out (the macOS details) of a Smooth Operator 3CX Backdoor |
| 2023-03-29
⋅
CrowdStrike
⋅
CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers 3CX Backdoor |
| 2023-03-20
⋅
SecurityIntelligence
⋅
When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule FudModule |
| 2023-03-09
⋅
Mandiant
⋅
Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 CLOUDBURST TOUCHMOVE TOUCHSHIFT UNC2970 |
| 2023-03-09
⋅
Mandiant
⋅
Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW FudModule |
| 2023-02-23
⋅
Bitdefender
⋅
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966 Cobalt Strike DarkComet QuiteRAT RATel |
| 2023-02-23
⋅
ESET Research
⋅
WinorDLL64: A backdoor from the vast Lazarus arsenal? WinorDLL64 |
| 2023-02-21
⋅
SecurityIntelligence
⋅
Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers FudModule |
| 2023-02-09
⋅
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities Dtrack MagicRAT Maui Ransomware SiennaBlue SiennaPurple Tiger RAT YamaBot |
| 2023-02-02
⋅
WithSecure
⋅
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector Dtrack GREASE QuiteRAT |
| 2023-01-25
⋅
Proofpoint
⋅
TA444: The APT Startup Aimed at Acquisition (of Your Funds) CageyChameleon Lazarus Group TA444 |
| 2023-01-05
⋅
AttackIQ
⋅
Emulating the Highly Sophisticated North Korean Adversary Lazarus Group MagicRAT Tiger RAT |
| 2022-12-27
⋅
Kaspersky
⋅
BlueNoroff introduces new methods bypassing MoTW LazarLoader Unidentified 101 (Lazarus?) |
| 2022-12-20
⋅
K7 Security
⋅
Lazarus APT’s Operation Interception Uses Signed Binary Interception |
| 2022-12-16
⋅
Sekoia
⋅
The DPRK delicate sound of cyber AppleJeus AppleJeus SnatchCrypto |
| 2022-11-29
⋅
⋅
Qianxin
⋅
Job hunting trap: Analysis of Lazarus attack activities using recruitment information such as Mizuho Bank of Japan as bait CageyChameleon Cur1Downloader |
| 2022-11-23
⋅
Twitter (@RedDrip7)
⋅
Tweets about potential Lazarus sample Unidentified 101 (Lazarus?) |
| 2022-11-21
⋅
vmware
⋅
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part4 (Dacls, aka MATA) Dacls |
| 2022-11-15
⋅
Kaspersky Labs
⋅
DTrack activity targeting Europe and Latin America Dtrack |
| 2022-10-24
⋅
⋅
AhnLab
⋅
Malware infection case of Lazarus attack group that neutralizes antivirus program with BYOVD technique FudModule LazarDoor Racket Downloader |
| 2022-09-30
⋅
ESET Research
⋅
Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium BLINDINGCAN FudModule HTTP(S) uploader LambLoad TOUCHMOVE |
| 2022-09-30
⋅
Virus Bulletin
⋅
Lazarus & BYOVD: evil to the Windows core FudModule |
| 2022-09-29
⋅
Microsoft
⋅
ZINC weaponizing open-source software BLINDINGCAN CLOUDBURST miniBlindingCan |
| 2022-09-26
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 3: Input/Output Controls CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
| 2022-09-26
⋅
SentinelOne
⋅
Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto Interception |
| 2022-09-22
⋅
AhnLab
⋅
Analysis Report on Lazarus Group's Rootkit Attack Using BYOVD FudModule |
| 2022-09-15
⋅
Symantec
⋅
Webworm: Espionage Attackers Testing and Using Older Modified RATs 9002 RAT Ghost RAT Trochilus RAT |
| 2022-09-14
⋅
Mandiant
⋅
It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp BLINDINGCAN miniBlindingCan sRDI |
| 2022-09-10
⋅
⋅
Malverse
⋅
Realizziamo un C&C Server in Python (Bankshot) Bankshot |
| 2022-09-08
⋅
Cisco Talos
⋅
Lazarus and the tale of three RATs MagicRAT MimiKatz VSingle YamaBot |
| 2022-09-07
⋅
Cisco Talos
⋅
MagicRAT: Lazarus’ latest gateway into victim networks MagicRAT Tiger RAT |
| 2022-08-16
⋅
Twitter (@ESETresearch)
⋅
Twitter thread about Operation In(ter)ception for macOS Interception |
| 2022-08-15
⋅
Brandefense
⋅
Lazarus APT Group (APT38) AppleJeus AppleJeus BADCALL Bankshot BLINDINGCAN DRATzarus Dtrack KEYMARBLE Sierra(Alfa,Bravo, ...) Torisma WannaCryptor |
| 2022-08-13
⋅
YoutTube (Blue Team Village)
⋅
Attribution and Bias: My terrible mistakes in threat intelligence attribution AppleJeus Olympic Destroyer |
| 2022-08-12
⋅
CrowdStrike
⋅
The Anatomy of Wiper Malware, Part 1: Common Techniques Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare |
| 2022-08-12
⋅
Brandefense
⋅
Mythic Leopard APT Group Crimson RAT DarkComet NjRAT Oblique RAT Peppy RAT |
| 2022-08-09
⋅
Kaspersky
⋅
Andariel deploys DTrack and Maui ransomware Dtrack Maui Ransomware |
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Iron Taurus CHINACHOPPER Ghost RAT Wonknu ZXShell APT27 |
| 2022-07-14
⋅
Proofpoint
⋅
Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media Chinoxy APT31 Lazarus Group TA482 |
| 2022-07-05
⋅
JPCERT/CC
⋅
VSingle malware that obtains C2 server information from GitHub VSingle |
| 2022-06-21
⋅
Cisco Talos
⋅
Avos ransomware group expands with new attack arsenal AvosLocker Cobalt Strike DarkComet MimiKatz |
| 2022-06-17
⋅
Github (monoxgas)
⋅
sRDI - Shellcode Reflective DLL Injection sRDI |
| 2022-05-23
⋅
Trend Micro
⋅
Operation Earth Berberoka reptile oRAT Ghost RAT PlugX pupy Earth Berberoka |
| 2022-05-09
⋅
cocomelonc
⋅
Malware development: persistence - part 4. Windows services. Simple C++ example. Anchor AppleJeus Attor BBSRAT BlackEnergy Carbanak Cobalt Strike DuQu |
| 2022-05-05
⋅
NCC Group
⋅
North Korea’s Lazarus: their initial access trade-craft using social media and social engineering LCPDot |
| 2022-04-27
⋅
Symantec
⋅
Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets Dtrack VSingle |
| 2022-04-27
⋅
Trend Micro
⋅
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka |
| 2022-04-27
⋅
Trendmicro
⋅
Operation Gambling Puppet reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka |
| 2022-04-26
⋅
Trend Micro
⋅
How Cybercriminals Abuse Cloud Tunneling Services AsyncRAT Cobalt Strike DarkComet Meterpreter Nanocore RAT |
| 2022-04-26
⋅
AhnLab
⋅
New Malware of Lazarus Threat Actor Group Exploiting INITECH Process Racket Downloader wAgentTea |
| 2022-04-20
⋅
CISA
⋅
TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies Bankshot TraderTraitor |
| 2022-04-18
⋅
CISA
⋅
AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies (PDF) FastCash Bankshot |
| 2022-04-18
⋅
CISA
⋅
Alert (AA22-108A): TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies Bankshot |
| 2022-04-15
⋅
Center for Internet Security
⋅
Top 10 Malware March 2022 Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus |
| 2022-04-14
⋅
Symantec
⋅
Lazarus Targets Chemical Sector Racket Downloader |
| 2022-04-01
⋅
The Hacker News
⋅
Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit Fire Chili Ghost RAT |
| 2022-03-31
⋅
Kaspersky
⋅
Lazarus Trojanized DeFi app for delivering malware JessieConTea LCPDot |
| 2022-03-30
⋅
Fortinet
⋅
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits Fire Chili Ghost RAT |
| 2022-03-17
⋅
Sophos
⋅
The Ransomware Threat Intelligence Center ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker |
| 2022-03-16
⋅
AhnLab
⋅
Gh0stCringe RAT Being Distributed to Vulnerable Database Servers Ghost RAT Kingminer |
| 2022-03-01
⋅
Github (0xZuk0)
⋅
Malware Analysis Report: WannaCry Ransomware WannaCryptor |
| 2022-02-11
⋅
Cisco Talos
⋅
Threat Roundup for February 4 to February 11 DarkComet Ghost RAT Loki Password Stealer (PWS) Tinba Tofsee Zeus |
| 2022-02-09
⋅
SentinelOne
⋅
Modified Elephant APT and a Decade of Fabricating Evidence DarkComet Incubator NetWire RC |
| 2022-02-09
⋅
Sentinel LABS
⋅
ModifiedElephant APT and a Decade of Fabricating Evidence DarkComet Incubator NetWire RC ModifiedElephant |
| 2022-01-31
⋅
Cyber Geeks
⋅
A Detailed Analysis Of Lazarus APT Malware Disguised As Notepad++ Shell Extension AnchorMTea |
| 2022-01-13
⋅
Kaspersky Labs
⋅
The BlueNoroff cryptocurrency hunt is still on CageyChameleon SnatchCrypto WebbyTea |
| 2021-12-14
⋅
Trend Micro
⋅
Collecting In the Dark: Tropic Trooper Targets Transportation and Government ChiserClient Ghost RAT Lilith Quasar RAT xPack APT23 |
| 2021-12-01
⋅
⋅
ThreatBook
⋅
The Lazarus Group suspected of expanding its arsenal? The hackers target aviation industry and researchers AnchorMTea |
| 2021-11-10
⋅
⋅
AhnLab
⋅
Analysis Report of Lazarus Group’s NukeSped Malware DarkComet Tiger RAT |
| 2021-10-11
⋅
Telsy
⋅
Lazarus Group continues AppleJeus Operation AppleJeus |
| 2021-10-08
⋅
Virus Bulletin
⋅
Multi-universe of adversary: multiple campaigns of the Lazarus group and their connections Dacls AppleJeus AppleJeus Bankshot BookCodes RAT Dacls DRATzarus LCPDot LPEClient |
| 2021-10-07
⋅
Virus Bulletin
⋅
Operation Bookcodes – targeting South Korea BookCodes RAT LPEClient |
| 2021-10-05
⋅
Blackberry
⋅
Drawing a Dragon: Connecting the Dots to Find APT41 Cobalt Strike Ghost RAT |
| 2021-10-04
⋅
JPCERT/CC
⋅
Malware Gh0stTimes Used by BlackTech Gh0stTimes Ghost RAT |
| 2021-09-07
⋅
LIFARS
⋅
A Detailed Analysis of Lazarus’ RAT Called FALLCHILL Volgmer |
| 2021-09-06
⋅
cocomelonc
⋅
AV engines evasion for C++ simple malware: part 2 Agent Tesla Amadey Anchor AnchorMTea Carbanak Carberp Cardinal RAT Felixroot Konni Loki Password Stealer (PWS) Maze |
| 2021-09-04
⋅
cocomelonc
⋅
AV engines evasion for C++ simple malware: part 1 4h_rat Azorult BADCALL BadNews BazarBackdoor Cardinal RAT |
| 2021-08-22
⋅
⋅
media.ccc.de
⋅
The Bangladesh cyber bank robbery: Tracking down major criminals with malware analysis DYEPACK |
| 2021-08-22
⋅
Malware and Stuff
⋅
PEB: Where Magic Is Stored Dacls |
| 2021-08-05
⋅
KrebsOnSecurity
⋅
Ransomware Gangs and the Name Game Distraction DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze RansomEXX REvil Ryuk Sekhmet |
| 2021-07-10
⋅
Youtube (AhmedS Kasmani)
⋅
Analysis of AppleJeus Malware by Lazarus Group AppleJeus |
| 2021-07-08
⋅
Medium s2wlab
⋅
Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea Racket Downloader |
| 2021-06-15
⋅
Kaspersky
⋅
Andariel evolves to target South Korea with ransomware BISTROMATH PEBBLEDASH SHATTEREDGLASS TigerLite Tiger RAT |
| 2021-05-13
⋅
⋅
AhnLab
⋅
APT attack for domestic companies using library files ImprudentCook |
| 2021-05-11
⋅
⋅
Qianxin
⋅
Analysis of a series of attacks by the suspected Lazarus organization using Daewoo Shipyard as relevant bait BISTROMATH TigerLite |
| 2021-05-05
⋅
Zscaler
⋅
Catching RATs Over Custom Protocols Analysis of top non-HTTP/S threats Agent Tesla AsyncRAT Crimson RAT CyberGate Ghost RAT Nanocore RAT NetWire RC NjRAT Quasar RAT Remcos |
| 2021-04-28
⋅
Trend Micro
⋅
Water Pamola Attacked Online Shops Via Malicious Orders Ghost RAT |
| 2021-04-19
⋅
Malwarebytes
⋅
Lazarus APT conceals malicious code within BMP image to drop its RAT BISTROMATH |
| 2021-04-15
⋅
AhnLab
⋅
Operation Dream Job Targeting Job Seekers in South Korea LCPDot Torisma |
| 2021-04-08
⋅
ESET Research
⋅
(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor Vyveva RAT |
| 2021-04-02
⋅
Dr.Web
⋅
Study of targeted attacks on Russian research institutes Cotx RAT Ghost RAT TA428 |
| 2021-04-01
⋅
AhnLab
⋅
ASEC REPORT VOL.102 Q1 2021 ComeBacker JessieConTea LCPDot |
| 2021-03-22
⋅
JPCERT/CC
⋅
Lazarus Attack Activities Targeting Japan (VSingle/ValeforBeta) VSingle |
| 2021-03-21
⋅
Blackberry
⋅
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
| 2021-03-15
⋅
Sophos Labs
⋅
DearCry ransomware attacks exploit Exchange server vulnerabilities dearcry WannaCryptor |
| 2021-03-03
⋅
SYGNIA
⋅
Lazarus Group’s MATA Framework Leveraged to Deploy TFlower Ransomware Dacls Dacls Dacls TFlower |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-26
⋅
YouTube (Black Hat)
⋅
FASTCash and INJX_Pure: How Threat Actors Use Public Standards for Financial Fraud FastCash |
| 2021-02-25
⋅
Kaspersky Labs
⋅
Lazarus targets defense industry with ThreatNeedle HTTP(S) uploader LPEClient Volgmer |
| 2021-02-25
⋅
Intezer
⋅
Year of the Gopher A 2020 Go Malware Round-Up NiuB WellMail elf.wellmess ArdaMax AsyncRAT CyberGate DarkComet Glupteba Nanocore RAT Nefilim NjRAT Quasar RAT WellMess Zebrocy |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-22
⋅
tccontre Blog
⋅
Gh0stRat Anti-Debugging: Nested SEH (try - catch) to Decrypt and Load its Payload Ghost RAT |
| 2021-02-18
⋅
Symantec
⋅
Lazarus: Three North Koreans Charged for Financially Motivated Attacks AppleJeus POOLRAT Unidentified macOS 001 (UnionCryptoTrader) AppleJeus Unidentified 077 (Lazarus Downloader) |
| 2021-02-17
⋅
US-CERT
⋅
Malware Analysis Report (AR21-048B): AppleJeus: JMT Trading AppleJeus AppleJeus |
| 2021-02-17
⋅
US-CERT
⋅
Malware Analysis Report (AR21-048F): AppleJeus: Dorusio AppleJeus AppleJeus Unidentified 077 (Lazarus Downloader) |
| 2021-02-17
⋅
US-CERT
⋅
Malware Analysis Report (AR21-048A): AppleJeus: Celas Trade Pro AppleJeus AppleJeus |
| 2021-02-17
⋅
US-CERT
⋅
Alert (AA21-048A): AppleJeus: Analysis of North Korea’s Cryptocurrency Malware AppleJeus AppleJeus Lazarus Group |
| 2021-02-17
⋅
US-CERT
⋅
Malware Analysis Report (AR21-048G): AppleJeus: Ants2Whale AppleJeus AppleJeus |
| 2021-02-17
⋅
US-CERT
⋅
Malware Analysis Report (AR21-048E): AppleJeus: CoinGoTrade AppleJeus POOLRAT AppleJeus |
| 2021-02-17
⋅
US-CERT
⋅
Malware Analysis Report (AR21-048D): AppleJeus: Kupay Wallet AppleJeus AppleJeus |
| 2021-02-17
⋅
US-CERT
⋅
Malware Analysis Report (AR21-048C): AppleJeus: Union Crypto AppleJeus Unidentified macOS 001 (UnionCryptoTrader) AppleJeus |
| 2021-02-01
⋅
ESET Research
⋅
Operation NightScout: Supply‑chain attack targets online gaming in Asia Ghost RAT NoxPlayer Poison Ivy Red Dev 17 |
| 2021-02-01
⋅
One Night in Norfolk
⋅
DPRK Targeting Researchers II: .Sys Payload and Registry Hunting ComeBacker |
| 2021-01-30
⋅
⋅
Microstep Intelligence Bureau
⋅
Analysis of Lazarus attacks against security researchers ComeBacker |
| 2021-01-29
⋅
⋅
NSFOCUS
⋅
认识STUMBzarus——APT组织Lazarus近期定向攻击组件深入分析 ComeBacker DRATzarus Torisma |
| 2021-01-28
⋅
Microsoft
⋅
ZINC attacks against security researchers ComeBacker Klackring |
| 2021-01-27
⋅
S2W LAB Inc.
⋅
How to communicate between RAT infected devices (White paper) Volgmer |
| 2021-01-27
⋅
S2W LAB Inc.
⋅
Analysis of THREATNEEDLE C&C Communication (feat. Google TAG Warning to Researchers) Volgmer |
| 2021-01-26
⋅
One Night in Norfolk
⋅
DPRK Malware Targeting Security Researchers ComeBacker |
| 2021-01-26
⋅
Comae
⋅
PANDORABOX - North Koreans target security researchers ComeBacker |
| 2021-01-26
⋅
JPCERT/CC
⋅
Operation Dream Job by Lazarus LCPDot Torisma Lazarus Group |
| 2021-01-25
⋅
Google
⋅
New campaign targeting security researchers ComeBacker DRATzarus |
| 2021-01-20
⋅
JPCERT/CC
⋅
Commonly Known Tools Used by Lazarus Lazarus Group |
| 2021-01-15
⋅
Swisscom
⋅
Cracking a Soft Cell is Harder Than You Think Ghost RAT MimiKatz PlugX Poison Ivy Trochilus RAT |
| 2021-01-09
⋅
Marco Ramilli's Blog
⋅
Command and Control Traffic Patterns ostap LaZagne Agent Tesla Azorult Buer Cobalt Strike DanaBot DarkComet Dridex Emotet Formbook IcedID ISFB NetWire RC PlugX Quasar RAT SmokeLoader TrickBot |
| 2021-01-07
⋅
Github (hvs-consulting)
⋅
Lazarus / APT37 IOCs Lazarus Group |
| 2021-01-01
⋅
Objective-See
⋅
The Mac Malware of 2020 - a comprehensive analysis of the year's new malware AppleJeus Dacls EvilQuest FinFisher WatchCat XCSSET |
| 2020-12-23
⋅
Kaspersky Labs
⋅
Lazarus covets COVID-19-related intelligence BookCodes RAT wAgentTea |
| 2020-12-21
⋅
Cisco Talos
⋅
2020: The year in malware WolfRAT Prometei Poet RAT Agent Tesla Astaroth Ave Maria CRAT Emotet Gozi IndigoDrop JhoneRAT Nanocore RAT NjRAT Oblique RAT SmokeLoader StrongPity WastedLocker Zloader |
| 2020-12-18
⋅
Seqrite
⋅
RAT used by Chinese cyberspies infiltrating Indian businesses Ghost RAT |
| 2020-12-15
⋅
HvS-Consulting AG
⋅
Greetings from Lazarus: Anatomy of a cyber espionage campaign BLINDINGCAN MimiKatz Lazarus Group |
| 2020-12-15
⋅
HvS-Consulting AG
⋅
Greetings from Lazarus Anatomy of a cyber espionage campaign BLINDINGCAN HTTP(S) uploader MimiKatz |
| 2020-12-11
⋅
PWC UK
⋅
Tweet on macOS Manuscypt samples Manuscrypt |
| 2020-12-10
⋅
Intel 471
⋅
No pandas, just people: The current state of China’s cybercrime underground Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT |
| 2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
| 2020-12-09
⋅
CrowdStrike
⋅
From Zero to SixtyThe Story of North Korea’s Rapid Ascent to Becoming a Global Cyber Superpower FastCash Hermes WannaCryptor |
| 2020-11-27
⋅
⋅
Macnica
⋅
Analyzing Organizational Invasion Ransom Incidents Using Dtrack Cobalt Strike Dtrack |
| 2020-11-27
⋅
⋅
Microstep Intelligence Bureau
⋅
钱包黑洞:Lazarus 组织近期在加密货币方面的隐蔽攻击活动 Manuscrypt |
| 2020-11-21
⋅
vxhive blog
⋅
Deep Dive Into HERMES Ransomware Hermes |
| 2020-11-16
⋅
ESET Research
⋅
Lazarus supply‑chain attack in South Korea BookCodes RAT Lazarus Group |
| 2020-11-14
⋅
Medium 0xastrovax
⋅
Deep Dive Into Ryuk Ransomware Hermes Ryuk |
| 2020-11-12
⋅
Talos
⋅
CRAT wants to plunder your endpoints CRAT |
| 2020-11-05
⋅
McAfee
⋅
Operation North Star: Behind The Scenes NedDnLoader Torisma |
| 2020-11-03
⋅
Kaspersky Labs
⋅
APT trends report Q3 2020 WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX POISONPLUG Rover ShadowPad SoreFang Winnti |
| 2020-10-28
⋅
Twitter (@BitsOfBinary)
⋅
Tweet on macOS version of Manuscrypt Manuscrypt |
| 2020-10-27
⋅
Dr.Web
⋅
Study of the ShadowPad APT backdoor and its relation to PlugX Ghost RAT PlugX ShadowPad |
| 2020-10-03
⋅
VB Localhost
⋅
Unveiling the CryptoMimic CageyChameleon SnatchCrypto |
| 2020-09-29
⋅
JPCERT/CC
⋅
BLINDINGCAN - Malware Used by Lazarus BLINDINGCAN Lazarus Group |
| 2020-09-22
⋅
vmware
⋅
Detecting Threats in Real-time With Active C2 Information Agent.BTZ Cobalt Strike Dacls NetWire RC PoshC2 Winnti |
| 2020-09-16
⋅
Qianxin
⋅
Target defense industry: Lazarus uses recruitment bait combined with continuously updated cyber weapons CRAT |
| 2020-09-15
⋅
CrowdStrike
⋅
Nowhere to Hide - 2020 Threat Hunting Report NedDnLoader RDAT TRACER KITTEN |
| 2020-08-31
⋅
JPCERT/CC
⋅
Malware Used by Lazarus after Network Intrusion Lazarus Group |
| 2020-08-31
⋅
SentinelOne
⋅
The BLINDINGCAN RAT and Malicious North Korean Activity BLINDINGCAN |
| 2020-08-26
⋅
CISA
⋅
MAR-10301706-1.v1 - North Korean Remote Access Tool: ECCENTRICBANDWAGON PSLogger |
| 2020-08-26
⋅
CISA
⋅
Alert (AA20-239A): FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks FastCash |
| 2020-08-26
⋅
CISA
⋅
MAR-10301706-2.v1 - North Korean Remote Access Tool: VIVACIOUSGIFT NACHOCHEESE |
| 2020-08-19
⋅
US-CERT
⋅
Malware Analysis Report (AR20-232A) Bankshot BLINDINGCAN |
| 2020-08-19
⋅
CISA
⋅
MAR-10295134-1.v1 - North Korean Remote Access Trojan: BLINDINGCAN BLINDINGCAN |
| 2020-08-13
⋅
ClearSky
⋅
Operation ‘Dream Job’ Widespread North Korean Espionage Campaign DRATzarus LPEClient NedDnLoader |
| 2020-08-05
⋅
BlackHat
⋅
FASTCashand INJX_PURE: How Threat Actors Use Public Standards for Financial Fraud FastCash |
| 2020-08-05
⋅
BlackHat
⋅
FASTCash and Associated Intrusion Techniques FastCash |
| 2020-08-01
⋅
Temple University
⋅
Critical Infrastructure Ransomware Attacks CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor |
| 2020-08-01
⋅
⋅
TG Soft
⋅
TG Soft Cyber - Threat Report DarkComet Darktrack RAT Emotet ISFB |
| 2020-07-29
⋅
ESET Research
⋅
THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor |
| 2020-07-29
⋅
Kaspersky Labs
⋅
APT trends report Q2 2020 PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel |
| 2020-07-29
⋅
McAfee
⋅
Operation (노스 스타) North Star A Job Offer That’s Too Good to be True? NedDnLoader |
| 2020-07-28
⋅
Kaspersky Labs
⋅
Lazarus on the hunt for big game Dacls Dacls Dacls VHD Ransomware |
| 2020-07-28
⋅
⋅
NTT
⋅
CraftyPanda 標的型攻撃解析レポート Ghost RAT PlugX |
| 2020-07-27
⋅
SentinelOne
⋅
Four Distinct Families of Lazarus Malware Target Apple’s macOS Platform AppleJeus Casso Dacls WatchCat |
| 2020-07-22
⋅
Kaspersky Labs
⋅
MATA: Multi-platform targeted malware framework Dacls Dacls Dacls |
| 2020-07-20
⋅
Risky.biz
⋅
What even is Winnti? CCleaner Backdoor Ghost RAT PlugX ZXShell |
| 2020-06-29
⋅
KISA
⋅
OPERATION BOOKCODES TTPs #2 BookCodes RAT |
| 2020-06-28
⋅
Twitter (@ccxsaber)
⋅
Tweet on Sample Unidentified 077 (Lazarus Downloader) |
| 2020-06-23
⋅
ReversingLabs
⋅
Hidden Cobra - from a shed skin to the viper’s nest Bankshot PEBBLEDASH TAINTEDSCRIBE |
| 2020-06-17
⋅
ESET Research
⋅
Operation In(ter)ception: Targeted Attacks against European Aerospace and Military Companies Interception |
| 2020-06-14
⋅
BushidoToken
⋅
Deep-dive: The DarkHotel APT Asruex Ghost RAT Ramsay Retro Unidentified 076 (Higaisa LNK to Shellcode) |
| 2020-06-09
⋅
Kaspersky Labs
⋅
Looking at Big Threats Using Code Similarity. Part 1 Penquin Turla CCleaner Backdoor EternalPetya Regin WannaCryptor XTunnel |
| 2020-06-05
⋅
Prevailion
⋅
The Gh0st Remains the Same Ghost RAT |
| 2020-06-04
⋅
PTSecurity
⋅
COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group Ghost RAT SongXY |
| 2020-05-31
⋅
Twitter (ShadowChasing1)
⋅
Tweet on DTRACK malware Dtrack |
| 2020-05-20
⋅
Medium Asuna Amawaka
⋅
What happened between the BigBadWolf and the Tiger? Ghost RAT |
| 2020-05-14
⋅
Avast Decoded
⋅
APT Group Planted Backdoors Targeting High Profile Networks in Central Asia BYEBY Ghost RAT Microcin MimiKatz Vicious Panda |
| 2020-05-12
⋅
US-CERT
⋅
MAR-10288834-1.v1 – North Korean Remote Access Tool: COPPERHEDGE Bankshot |
| 2020-05-11
⋅
Trend Micro
⋅
New MacOS Dacls RAT Backdoor Shows Lazarus’ Multi-Platform Attack Capability Dacls |
| 2020-05-11
⋅
Trend Micro
⋅
New MacOS Dacls RAT Backdoor Show Lazarus’ Multi-Platform Attack Capability Dacls |
| 2020-05-07
⋅
AVAR
⋅
The North Korean AV Anthology: a unique look on DPRK’s Anti-Virus market Volgmer |
| 2020-05-06
⋅
Malwarebytes
⋅
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app Dacls |
| 2020-05-05
⋅
Objective-See
⋅
The Dacls RAT ...now on macOS! deconstructing the mac variant of a lazarus group implant Dacls |
| 2020-05-04
⋅
ADEO DFIR
⋅
APT38 Lazarus Threat Analysis Report BLINDTOAD ELECTRICFISH |
| 2020-04-16
⋅
VMWare Carbon Black
⋅
The Evolution of Lazarus HOTCROISSANT Rifdoor |
| 2020-04-14
⋅
⋅
Qianxin
⋅
The Lazarus APT organization uses the new crown epidemic bait to target a targeted attack analysis of a country CRAT |
| 2020-04-09
⋅
⋅
suspected.tistory.com
⋅
Malware analysis (Emergency inquiry for Coronavirus response in Jeollanam-do.hwp) CRAT |
| 2020-04-01
⋅
KISA
⋅
OPERATION BOOKCODES TTPs #1 BookCodes RAT |
| 2020-03-05
⋅
Microsoft
⋅
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA |
| 2020-03-05
⋅
SophosLabs
⋅
Cloud Snooper Attack Bypasses AWS Security Measures Cloud Snooper Ghost RAT |
| 2020-03-03
⋅
PWC UK
⋅
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
| 2020-02-26
⋅
MetaSwan's Lab
⋅
Lazarus group's Brambul worm of the former Wannacry - 2 Brambul |
| 2020-02-26
⋅
MetaSwan's Lab
⋅
Lazarus group's Brambul worm of the former Wannacry - 1 Brambul WannaCryptor |
| 2020-02-25
⋅
RSA Conference
⋅
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Rapid Ransom REvil Ryuk SamSam Zeus |
| 2020-02-25
⋅
SentinelOne
⋅
DPRK Hidden Cobra Update: North Korean Malicious Cyber Activity ARTFULPIE BISTROMATH BUFFETLINE CHEESETRAY HOPLIGHT HOTCROISSANT SLICKSHOES |
| 2020-02-22
⋅
Objective-See
⋅
Weaponizing a Lazarus Group Implant: repurposing a 1st-stage loader, to execute custom 'fileless' payloads AppleJeus |
| 2020-02-19
⋅
Lexfo
⋅
The Lazarus Constellation A study on North Korean malware FastCash AppleJeus BADCALL Bankshot Brambul Dtrack Duuzer DYEPACK ELECTRICFISH HARDRAIN Hermes HOPLIGHT Joanap KEYMARBLE Kimsuky MimiKatz MyDoom NACHOCHEESE NavRAT PowerRatankba RokRAT Sierra(Alfa,Bravo, ...) Volgmer WannaCryptor |
| 2020-02-14
⋅
US-CERT
⋅
Malware Analysis Report (AR20-045C) CHEESETRAY |
| 2020-02-14
⋅
US-CERT
⋅
Malware Analysis Report (AR20-045E): MAR-10271944-2.v1 - North Korean Trojan: ARTFULPIE ARTFULPIE |
| 2020-02-14
⋅
US-CERT
⋅
Malware Analysis Report (AR20-045D): MAR-10271944-1.v1 - North Korean Trojan: HOTCROISSANT HOTCROISSANT |
| 2020-02-14
⋅
US-CERT
⋅
Malware Analysis Report (AR20-045A): MAR-10265965-1.v1 - North Korean Trojan: BISTROMATH BISTROMATH |
| 2020-02-14
⋅
US-CERT
⋅
Malware Analysis Report (AR20-045F): MAR-10271944-3.v1 - North Korean Trojan: BUFFETLINE BUFFETLINE |
| 2020-02-14
⋅
US-CERT
⋅
Malware Analysis Report (AR20–045B): MAR-10265965-2.v1 - North Korean Trojan: SLICKSHOES SLICKSHOES |
| 2020-02-14
⋅
US-CERT
⋅
Malware Analysis Report (AR20-045G): MAR-10135536-8.v4 - North Korean Trojan: HOPLIGHT HOPLIGHT |
| 2020-02-13
⋅
Qianxin
⋅
APT Report 2019 Chrysaor Exodus Dacls VPNFilter DNSRat Griffon KopiLuwak More_eggs SQLRat AppleJeus BONDUPDATER Agent.BTZ Anchor AndroMut AppleJeus BOOSTWRITE Brambul Carbanak Cobalt Strike Dacls DistTrack DNSpionage Dtrack ELECTRICFISH FlawedAmmyy FlawedGrace Get2 Grateful POS HOPLIGHT Imminent Monitor RAT jason Joanap KerrDown KEYMARBLE Lambert LightNeuron LoJax MiniDuke PolyglotDuke PowerRatankba Rising Sun SDBbot ServHelper Snatch Stuxnet TinyMet tRat TrickBot Volgmer X-Agent Zebrocy |
| 2020-02-10
⋅
Malwarebytes
⋅
2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
| 2020-02-02
⋅
Youtube (Ghidra Ninja)
⋅
Reversing WannaCry Part 2 - Diving into the malware with #Ghidra WannaCryptor |
| 2020-01-26
⋅
Dark Matter: Uncovering the DarkComet RAT Ecosystem DarkComet |
| 2020-01-08
⋅
Kaspersky Labs
⋅
Operation AppleJeus Sequel AppleJeus Unidentified macOS 001 (UnionCryptoTrader) |
| 2020-01-01
⋅
Objective-See
⋅
The Mac Malware of 2019 Gmera Mokes Yort |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE EDISON Ghost RAT sykipot APT4 SAMURAI PANDA |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE UNION 9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell APT27 |
| 2020-01-01
⋅
Secureworks
⋅
ALUMINUM SARATOGA BlackShades DarkComet Xtreme RAT Poison Ivy Quasar RAT Molerats |
| 2020-01-01
⋅
Secureworks
⋅
NICKEL ACADEMY Brambul Duuzer HOPLIGHT Joanap Sierra(Alfa,Bravo, ...) Volgmer |
| 2020-01-01
⋅
Secureworks
⋅
NICKEL GLADSTONE AlphaNC Bankshot Ratankba Lazarus Group |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE GLOBE EtumBot Ghost RAT APT12 |
| 2020-01-01
⋅
Secureworks
⋅
BRONZE FLEETWOOD Binanen Ghost RAT OrcaRAT APT5 |
| 2020-01-01
⋅
Secureworks
⋅
COPPER FIELDSTONE Crimson RAT DarkComet Luminosity RAT NjRAT Operation C-Major |
| 2019-12-17
⋅
⋅
Netlab
⋅
Lazarus Group uses Dacls RAT to attack Linux platform Dacls Log Collector Dacls |
| 2019-12-12
⋅
Microsoft
⋅
GALLIUM: Targeting global telecom CHINACHOPPER Ghost RAT HTran MimiKatz Poison Ivy GALLIUM |
| 2019-12-12
⋅
FireEye
⋅
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow Cerberus TSCookie Cobalt Strike Dtrack Emotet Formbook IcedID Icefog IRONHALO Loki Password Stealer (PWS) PandaBanker PLEAD POISONPLUG TrickBot BlackTech |
| 2019-12-03
⋅
Objective-See
⋅
Lazarus Group Goes 'Fileless' Unidentified macOS 001 (UnionCryptoTrader) |
| 2019-11-21
⋅
ThreatBook
⋅
The Nightmare of Global Cryptocurrency Companies -Demystifying the “DangerousPassword” of the APT Organization CageyChameleon SnatchCrypto |
| 2019-11-21
⋅
Cyberbit
⋅
Dtrack: In-depth analysis of APT on a nuclear power plant Dtrack |
| 2019-11-19
⋅
FireEye
⋅
Achievement Unlocked: Chinese Cyber Espionage Evolves to Support Higher Level Missions MESSAGETAP TSCookie ACEHASH CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT HIGHNOON HTran MimiKatz NetWire RC POISONPLUG Poison Ivy pupy Quasar RAT ZXShell |
| 2019-11-05
⋅
Telsy
⋅
The Lazarus’ gaze to the world: What is behind the first stone? NedDnLoader Torisma |
| 2019-11-04
⋅
⋅
Tencent
⋅
APT attack group "Higaisa" attack activity disclosed Ghost RAT Higaisa |
| 2019-11-04
⋅
Marco Ramilli's Blog
⋅
Is Lazarus/APT38 Targeting Critical Infrastructures? Dtrack |
| 2019-11-03
⋅
Github (jeFF0Falltrades)
⋅
DTrack Dtrack |
| 2019-10-31
⋅
CISA
⋅
Malware Analysis Report (AR19-304A) HOPLIGHT |
| 2019-10-17
⋅
Let's Learn: Dissecting Lazarus Windows x86 Loader Involved in Crypto Trading App Distribution: "snowman" & ADVObfuscator AppleJeus |
| 2019-10-12
⋅
Objective-See
⋅
Pass the AppleJeus AppleJeus |
| 2019-10-11
⋅
Twitter (@VK_intel)
⋅
Possible Lazarus x86 Malware (AppleJeus) AppleJeus |
| 2019-09-23
⋅
MITRE
⋅
APT41 Derusbi MESSAGETAP Winnti ASPXSpy BLACKCOFFEE CHINACHOPPER Cobalt Strike Derusbi Empire Downloader Ghost RAT MimiKatz NjRAT PlugX ShadowPad Winnti ZXShell APT41 |
| 2019-09-23
⋅
Kaspersky Labs
⋅
Hello! My name is Dtrack Dtrack |
| 2019-09-18
⋅
SophosLabs Uncut
⋅
The WannaCry hangover WannaCryptor |
| 2019-09-17
⋅
SophosLabs
⋅
WannaCry Aftershock WannaCryptor |
| 2019-09-17
⋅
Talos
⋅
Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda” Ghost RAT |
| 2019-09-09
⋅
CISA
⋅
Malware Analysis Report (AR19-252A) BADCALL BADCALL |
| 2019-08-11
⋅
Twitter (@KevinPerlow)
⋅
Updated #Lazarus Keylogger (uploaded June) PSLogger |
| 2019-08-01
⋅
Kaspersky Labs
⋅
APT trends report Q2 2019 ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy |
| 2019-07-28
⋅
Dissecting Malware
⋅
Third time's the charm? Analysing WannaCry samples WannaCryptor |
| 2019-07-11
⋅
NTT Security
⋅
Targeted TrickBot activity drops 'PowerBrace' backdoor PowerBrace TrickBot |
| 2019-05-30
⋅
Talos Intelligence
⋅
10 years of virtual dynamite: A high-level retrospective of ATM malware FastCash Project Alice Cutlet Ploutus ATM Skimer Tyupkin |
| 2019-05-09
⋅
CISA
⋅
Malware Analysis Report (AR19-129A) ELECTRICFISH Lazarus Group |
| 2019-04-25
⋅
⋅
DATANET
⋅
Chinese-based hackers attack domestic energy institutions CALMTHORN Ghost RAT |
| 2019-04-24
⋅
SpecterOps
⋅
Introducing Venator: A macOS tool for proactive detection AppleJeus WindTail |
| 2019-04-11
⋅
Computing.co.uk
⋅
Lazarus rises: Warning over new HOPLIGHT malware linked with North Korea HOPLIGHT |
| 2019-04-10
⋅
The Register
⋅
Lazarus Group rises again from the digital grave with Hoplight malware for all Lazarus Group |
| 2019-04-10
⋅
US-CERT
⋅
Malware Analysis Report (AR19-100A): North Korean Trojan: HOPLIGHT HOPLIGHT |
| 2019-04-10
⋅
One Night in Norfolk
⋅
OSINT Reporting Regarding DPRK and TA505 Overlap PowerBrace |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet Nanocore RAT pupy Quasar RAT Remcos TURNEDUP APT33 |
| 2019-03-27
⋅
Symantec
⋅
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33 |
| 2019-03-26
⋅
Kaspersky Labs
⋅
Cryptocurrency businesses still being targeted by Lazarus Yort Lazarus Group |
| 2019-03-20
⋅
Github (649)
⋅
APT38 DYEPACK FRAMEWORK DYEPACK |
| 2019-03-18
⋅
DCSO
⋅
Enterprise Malware-as-a-Service: Lazarus Group and the Evolution of Ransomware Hermes |
| 2019-03-14
⋅
CISA
⋅
MAR-10135536-12 – North Korean Trojan: TYPEFRAME miniTypeFrame TYPEFRAME |
| 2019-03-12
⋅
Malwarebytes
⋅
The Advanced Persistent Threat files: Lazarus Group Lazarus Group |
| 2019-02-27
⋅
Secureworks
⋅
A Peek into BRONZE UNION’s Toolbox Ghost RAT HyperBro ZXShell |
| 2019-02-19
⋅
Check Point Research
⋅
North Korea Turns Against New Targets?! KEYMARBLE |
| 2019-01-31
⋅
⋅
ESTsecurity
⋅
Lazarus APT Organization Attacks with Operation Extreme Job CoreDN |
| 2019-01-30
⋅
Cisco Talos
⋅
Fake Cisco Job Posting Targets Korean Candidates CoreDN JessieConTea |
| 2019-01-29
⋅
MITRE
⋅
APT38 Lazarus Group |
| 2019-01-23
⋅
NSHC RedAlert Labs
⋅
SectorA01 Custom Proxy Utility Tool Analysis FastCash |
| 2019-01-22
⋅
One Night in Norfolk
⋅
A Lazarus Keylogger- PSLogger PSLogger |
| 2019-01-16
⋅
ZDNet
⋅
North Korean hackers infiltrate Chile's ATM network after Skype job interview Lazarus Group |
| 2019-01-15
⋅
Flashpoint
⋅
Disclosure of Chilean Redbanc Intrusion Leads to Lazarus Ties PowerRatankba |
| 2019-01-07
⋅
Intezer
⋅
ChinaZ Revelations: Revealing ChinaZ Relationships with other Chinese Threat Actor Groups Ghost RAT |
| 2019-01-01
⋅
Dragos
⋅
Adversary Reports ALLANITE APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm |
| 2019-01-01
⋅
Council on Foreign Relations
⋅
Operation GhostSecret Lazarus Group |
| 2019-01-01
⋅
Council on Foreign Relations
⋅
Compromise of cryptocurrency exchanges in South Korea Lazarus Group |
| 2019-01-01
⋅
CISA
⋅
HIDDEN COBRA - North Korean Malicious Cyber Activity Lazarus Group |
| 2019-01-01
⋅
Journal of Telecommunications and Information Technology
⋅
WannaCry Ransomware: Analysis of Infection, Persistence, Recovery Prevention and Propagation Mechanisms WannaCryptor |
| 2019-01-01
⋅
MITRE
⋅
Group description: Lazarus Group Lazarus Group |
| 2019-01-01
⋅
Council on Foreign Relations
⋅
Covellite Lazarus Group |
| 2019-01-01
⋅
Council on Foreign Relations
⋅
Lazarus Group Lazarus Group |
| 2018-12-31
⋅
Github Repository
⋅
FastCashMalwareDissected FastCash |
| 2018-12-12
⋅
McAfee
⋅
‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure Rising Sun Lazarus Group Operation Sharpshooter |
| 2018-11-20
⋅
Trend Micro
⋅
Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America BLINDTOAD |
| 2018-11-17
⋅
Youtube (Demonslay335)
⋅
Analyzing Ransomware - Beginner Static Analysis Hermes |
| 2018-11-08
⋅
Symantec
⋅
FASTCash: How the Lazarus Group is Emptying Millions from ATMs FastCash Lazarus Group |
| 2018-11-08
⋅
Symantec
⋅
FASTCash: How the Lazarus Group is Emptying Millions from ATMs FastCash Lazarus Group |
| 2018-10-08
⋅
Youtube Video
⋅
BSides Belfast 2018: Lazarus On The Rise: Insights From SWIFT Bank Attacks NESTEGG |
| 2018-10-03
⋅
Virus Bulletin
⋅
Lazarus Group A Mahjong Game Played with Different Sets of Tiles Bankshot BanPolMex RAT FuwuqiDrama HOTWAX KillDisk (Lazarus) NACHOCHEESE REDSHAWL WannaCryptor |
| 2018-10-02
⋅
CISA
⋅
Alert (TA18-275A): HIDDEN COBRA – FASTCash Campaign FastCash |
| 2018-10-02
⋅
US-CERT
⋅
Alert (TA18-275A) HIDDEN COBRA: FASTCash Campaign FastCash |
| 2018-10-01
⋅
Youtube (FireEye Inc.)
⋅
CDS 2018 | Unmasking APT X NESTEGG |
| 2018-09-19
⋅
Möbius Strip Reverse Engineering
⋅
Hex-Rays Microcode API vs. Obfuscating Compiler Ghost RAT |
| 2018-09-06
⋅
Department of Justice
⋅
North Korean Regime-Backed Programmer Charged With Conspiracy to Conduct Multiple Cyber Attacks and Intrusions Lazarus Group |
| 2018-08-27
⋅
DARKReading
⋅
North Korean Hacking Group Steals $13.5 Million From Indian Bank Lazarus Group |
| 2018-08-23
⋅
Kaspersky Labs
⋅
Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware AppleJeus Volgmer Lazarus Group |
| 2018-08-23
⋅
Bleeping Computer
⋅
Lazarus Group Deploys Its First Mac Malware in Cryptocurrency Exchange Hack Lazarus Group |
| 2018-08-09
⋅
CISA
⋅
Malware Analysis Report (AR18-221A) KEYMARBLE |
| 2018-07-30
⋅
Proofpoint
⋅
New version of AZORult stealer improves loading features, spreads alongside ransomware in new campaign Azorult Hermes |
| 2018-07-26
⋅
IEEE Symposium on Security and Privacy (SP)
⋅
Tracking Ransomware End-to-end Cerber Locky WannaCryptor |
| 2018-06-23
⋅
AhnLab
⋅
Full Discloser of Andariel, A Subgroup of Lazarus Threat Group PhanDoor Rifdoor |
| 2018-06-13
⋅
Threatpost
⋅
Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist Lazarus Group |
| 2018-06-13
⋅
Acalvio
⋅
Lateral Movement Technique Employed by Hidden Cobra Brambul Joanap |
| 2018-06-08
⋅
United States District Court (California)
⋅
Complaint against Jin Hyok Park NESTEGG |
| 2018-06-07
⋅
Trend Micro
⋅
New KillDisk Variant Hits Latin American Financial Organizations Again BOOTWRECK |
| 2018-05-29
⋅
US-CERT
⋅
MAR-10135536-3 - HIDDEN COBRA RAT/Worm Brambul Joanap |
| 2018-05-29
⋅
US-CERT
⋅
Alert (TA18-149A): HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm Brambul Joanap |
| 2018-05-29
⋅
Bloomberg
⋅
Mexico Foiled a $110 Million Bank Heist, Then Kept It a Secret Lazarus Group |
| 2018-05-03
⋅
McAfee
⋅
Dissecting Operation Troy: Cyberespionage in South Korea concealment_troy http_troy Lazarus Group |
| 2018-04-27
⋅
Bleeping Computer
⋅
North Korean Hackers Are up to No Good Again Lazarus Group |
| 2018-04-24
⋅
McAfee
⋅
Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide GhostSecret |
| 2018-04-24
⋅
McAfee
⋅
Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide Lazarus Group |
| 2018-04-20
⋅
NCC Group
⋅
Decoding network data from a Gh0st RAT variant Ghost RAT APT27 |
| 2018-04-17
⋅
NCC Group
⋅
Decoding network data from a Gh0st RAT variant Ghost RAT APT27 |
| 2018-04-03
⋅
ESET Research
⋅
Lazarus KillDisks Central American casino KillDisk (Lazarus) Lazarus Group |
| 2018-03-28
⋅
Intezer
⋅
Lazarus Group Targets More Cryptocurrency Exchanges and FinTech Companies Unidentified 042 |
| 2018-03-14
⋅
Malwarebytes Labs
⋅
Hermes ransomware distributed to South Koreans via recent Flash zero-day Hermes |
| 2018-03-08
⋅
McAfee
⋅
Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant Lazarus Group |
| 2018-03-01
⋅
Kaspersky Labs
⋅
Lazarus under the Hood BlueNoroff HOTWAX REDSHAWL WORMHOLE |
| 2018-03-01
⋅
Dragos
⋅
INDUSTRIAL CONTROL SYSTEM THREATS APT33 CHRYSENE ENERGETIC BEAR Lazarus Group Sandworm |
| 2018-03-01
⋅
Kaspersky Labs
⋅
Lazarus under the Hood NESTEGG |
| 2018-02-12
⋅
McAfee
⋅
Lazarus Resurfaces, Targets Global Banks and Bitcoin Users CoreDN |
| 2018-02-11
⋅
Symantec
⋅
Technical Description: Downloader.Jelous CoreDN |
| 2018-02-05
⋅
US-CERT
⋅
HIDDEN COBRA - North Korean Malicious Cyber Activity HARDRAIN HARDRAIN |
| 2018-02-01
⋅
Bitdefender
⋅
Operation PZCHAO Inside a highly specialized espionage infrastructure Ghost RAT APT27 |
| 2018-01-29
⋅
Proofpoint
⋅
North Korea Bitten by Bitcoin Bug Bitsran |
| 2018-01-24
⋅
Trend Micro
⋅
Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More PowerRatankba |
| 2018-01-24
⋅
Trend Micro
⋅
A Look into the Lazarus Group’s Operations Lazarus Group |
| 2018-01-15
⋅
Trend Micro
⋅
New KillDisk Variant Hits Financial Organizations in Latin America KillDisk (Lazarus) Lazarus Group |
| 2018-01-04
⋅
Malware Traffic Analysis
⋅
MALSPAM PUSHING PCRAT/GH0ST Ghost RAT |
| 2018-01-01
⋅
FireEye
⋅
APT38 Bitsran BLINDTOAD BOOTWRECK Contopee DarkComet DYEPACK HOTWAX NESTEGG PowerRatankba REDSHAWL WORMHOLE Lazarus Group |
| 2018-01-01
⋅
McAfee
⋅
Dissecting Operation Troy: Cyberespionage in South Korea Lazarus Group |
| 2018-01-01
⋅
FireEye
⋅
APT38 CHEESETRAY CLEANTOAD NACHOCHEESE |
| 2017-12-20
⋅
RiskIQ
⋅
Mining Insights: Infrastructure Analysis of Lazarus Group Cyber Attacks on the Cryptocurrency Industry PowerRatankba |
| 2017-12-19
⋅
Proofpoint
⋅
North Korea Bitten by Bitcoin Bug QUICKCAFE PowerSpritz Ghost RAT PowerRatankba |
| 2017-12-19
⋅
Proofpoint
⋅
North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group Ghost RAT |
| 2017-12-13
⋅
US-CERT
⋅
Malware Analysis Report (MAR) - 10135536-B BADCALL Bankshot |
| 2017-11-20
⋅
Palo Alto Networks Unit 42
⋅
Operation Blockbuster Goes Mobile HARDRAIN |
| 2017-11-20
⋅
McAfee
⋅
Android Malware Appears Linked to Lazarus Cybercrime Group HARDRAIN |
| 2017-11-14
⋅
US-CERT
⋅
Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer Volgmer Lazarus Group |
| 2017-11-14
⋅
Department of Homeland Security
⋅
HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL Lazarus Group |
| 2017-10-27
⋅
Independent.co.uk
⋅
British security minister says North Korea was behind WannaCry hack on NHS WannaCryptor |
| 2017-10-16
⋅
Taiwan Heist: Lazarus Tools and Ransomware Bitsran Hermes |
| 2017-10-16
⋅
BAE Systems
⋅
Taiwan Heist: Lazarus Tools and Ransomware BLINDTOAD Lazarus Group |
| 2017-08-25
⋅
Kaspersky Labs
⋅
Walking in your Enemy's Shadow: When Fourth-Party Collection becomes Attribution Hell NetTraveler RCS WannaCryptor Dancing Salome |
| 2017-08-14
⋅
Palo Alto Networks Unit 42
⋅
The Blockbuster Saga Continues HOPLIGHT |
| 2017-06-13
⋅
US-CERT
⋅
HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure Lazarus Group |
| 2017-05-31
⋅
MITRE
⋅
Lazarus Group Lazarus Group |
| 2017-05-31
⋅
MITRE
⋅
Axiom Derusbi 9002 RAT BLACKCOFFEE Derusbi Ghost RAT HiKit PlugX ZXShell APT17 |
| 2017-05-31
⋅
MITRE
⋅
PittyTiger Enfal Ghost RAT MimiKatz Poison Ivy APT24 |
| 2017-05-31
⋅
MITRE
⋅
APT18 Ghost RAT HttpBrowser APT18 |
| 2017-05-30
⋅
Group-IB
⋅
Lazarus Arisen: Architecture, Techniques and Attribution HOTWAX NACHOCHEESE Ratankba |
| 2017-05-25
⋅
Symantec
⋅
Lazarus: History of mysterious group behind infamous cyber attacks Lazarus Group |
| 2017-05-25
⋅
Flashpoint
⋅
Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors WannaCryptor |
| 2017-05-22
⋅
Symantec
⋅
WannaCry: Ransomware attacks show strong links to Lazarus group AlphaNC BravoNC Duuzer Sierra(Alfa,Bravo, ...) WannaCryptor |
| 2017-05-19
⋅
Comae
⋅
WannaCry — Decrypting files with WanaKiwi + Demos WannaCryptor |
| 2017-05-19
⋅
Malwarebytes
⋅
How did the WannaCry ransomworm spread? WannaCryptor |
| 2017-05-16
⋅
Wannacryptor Ransomworm WannaCryptor |
| 2017-05-14
⋅
Comae
⋅
WannaCry — New Variants Detected! WannaCryptor |
| 2017-05-13
⋅
MalwareTech
⋅
How to Accidentally Stop a Global Cyber Attacks WannaCryptor |
| 2017-05-12
⋅
The Moscow Times
⋅
‘WCry’ Virus Reportedly Infects Russian Interior Ministry's Computer Network WannaCryptor |
| 2017-05-12
⋅
KrebsOnSecurity
⋅
U.K. Hospitals Hit in Widespread Ransomware Attack WannaCryptor |
| 2017-05-12
⋅
G Data
⋅
Warning: Massive "WannaCry" Ransomware campaign launched WannaCryptor |
| 2017-05-12
⋅
Emsisoft
⋅
Global WannaCry ransomware outbreak uses known NSA exploits WannaCryptor |
| 2017-05-12
⋅
Microsoft
⋅
WannaCrypt ransomware worm targets out-of-date systems WannaCryptor |
| 2017-05-12
⋅
Kaspersky Labs
⋅
WannaCry ransomware used in widespread attacks all over the world WannaCryptor |
| 2017-05-12
⋅
Comae
⋅
WannaCry — The largest ransom-ware infection in History WannaCryptor |
| 2017-05-12
⋅
Avast
⋅
WannaCry ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far today WannaCryptor |
| 2017-05-01
⋅
IssueMakersLab
⋅
Operation GoldenAxe Rifdoor |
| 2017-04-07
⋅
Palo Alto Networks Unit 42
⋅
The Blockbuster Sequel OpBlockBuster |
| 2017-04-04
⋅
Kaspersky Labs
⋅
Chasing Lazarus: A Hunt for the Infamous Hackers to Prevent Large Bank Robberies Lazarus Group |
| 2017-04-03
⋅
Kaspersky Labs
⋅
Lazarus under the Hood Alreay DYEPACK HOTWAX NESTEGG RatankbaPOS REDSHAWL WORMHOLE Lazarus Group |
| 2017-04-03
⋅
Kaspersky Labs
⋅
Lazarus under the Hood Alreay DYEPACK |
| 2017-04-03
⋅
Threatpost
⋅
Lazarus APT Spinoff Linked to Banking Hacks Lazarus Group |
| 2017-02-25
⋅
Financial Security Institute
⋅
Silent RIFLE: Response Against Advanced Threat Ghost RAT |
| 2017-02-20
⋅
BAE Systems
⋅
Lazarus’ False Flag Malware HOTWAX NACHOCHEESE |
| 2017-02-16
⋅
ESET Research
⋅
Demystifying targeted malware used against Polish banks BanPolMex RAT HOTWAX NACHOCHEESE |
| 2017-02-12
⋅
Symantec
⋅
Attackers target dozens of global banks with new malware Ratankba Lazarus Group |
| 2017-02-12
⋅
Symantec
⋅
Attackers target dozens of global banks with new malware Joanap Ratankba Sierra(Alfa,Bravo, ...) Lazarus Group |
| 2017-02-12
⋅
BAE Systems
⋅
Lazarus & Watering-hole attacks Ratankba |
| 2017-01-01
⋅
Github (rain-1)
⋅
WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm WannaCryptor |
| 2017-01-01
⋅
FSI
⋅
Campaign Rifle: Andariel, The Maiden of Anguish Rifdoor |
| 2016-06-03
⋅
FireEye
⋅
APT Group Sends Spear Phishing Emails to Indian Government Officials BreachRAT DarkComet Operation C-Major |
| 2016-05-27
⋅
Anomali
⋅
Evidence of Stronger Ties Between North Korea and SWIFT Banking Attacks DYEPACK Sierra(Alfa,Bravo, ...) |
| 2016-05-26
⋅
Symantec
⋅
SWIFT attackers’ malware linked to more financial attacks Contopee Lazarus Group |
| 2016-05-26
⋅
Symantec
⋅
SWIFT attackers’ malware linked to more financial attacks Contopee DYEPACK Sierra(Alfa,Bravo, ...) Lazarus Group |
| 2016-05-20
⋅
Reuters
⋅
Special Report: Cyber thieves exploit banks' faith in SWIFT transfer network Lazarus Group |
| 2016-05-16
⋅
Bankinfo Security
⋅
Vietnamese Bank Blocks $1 Million SWIFT Heist Lazarus Group |
| 2016-05-15
⋅
Trend Micro
⋅
What We Can Learn From the Bangladesh Central Bank Cyber Heist Lazarus Group |
| 2016-05-13
⋅
BAE Systems
⋅
CYBER HEIST ATTRIBUTION Sierra(Alfa,Bravo, ...) |
| 2016-04-22
⋅
Cylance
⋅
The Ghost Dragon Ghost RAT |
| 2016-03-07
⋅
Github (xl7dev)
⋅
RedHat Hacker.asp RedHat Hacker WebShell |
| 2016-02-24
⋅
Threatpost
⋅
Operation Blockbuster Coalition Ties Destructive Attacks to Lazarus Group Lazarus Group |
| 2016-02-01
⋅
Blue Coat Systems Inc
⋅
From Seoul to Sony The History of the Darkseoul Group and the Sony Intrusion Malware Destover Joanap Sierra(Alfa,Bravo, ...) |
| 2016-02-01
⋅
Novetta
⋅
Operation Blockbuster Lazarus Group |
| 2015-10-26
⋅
Symantec
⋅
Duuzer back door Trojan targets South Korea to take over computers Lazarus Group |
| 2015-10-26
⋅
Symantec
⋅
Duuzer back door Trojan targets South Korea to take over computers Brambul Duuzer Joanap Lazarus Group |
| 2015-09-10
⋅
FireEye
⋅
Hangul Word Processor (HWP)Zero-Day: possible ties to North Korean threat actors HOPLIGHT |
| 2014-12-19
⋅
US-CERT
⋅
Alert (TA14-353A): Targeted Destructive Malware Sierra(Alfa,Bravo, ...) |
| 2014-12-08
⋅
Trend Micro
⋅
The Hack of Sony Pictures: What We Know and What You Need to Know Lazarus Group |
| 2013-06-26
⋅
Symantec
⋅
Four Years of DarkSeoul Cyberattacks Against South Korea Continue on Anniversary of Korean War Lazarus Group |
| 2013-06-26
⋅
Symantec
⋅
Four Years of DarkSeoul Cyberattacks Against South Korea Continue on Anniversary of Korean War Lazarus Group |
| 2013-05-29
⋅
Symantec
⋅
South Korean Financial Companies Targeted by Castov Lazarus Group |
| 2013-05-28
⋅
Symantec
⋅
South Korean Financial Companies Targeted by Castov Lazarus Group |
| 2013-03-20
⋅
The New York Times
⋅
Computer Networks in South Korea Are Paralyzed in Cyberattacks Lazarus Group |
| 2012-10-05
⋅
Malwarebytes
⋅
Dark Comet 2: Electric Boogaloo DarkComet |
| 2012-06-21
⋅
Contagio Dump
⋅
RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army BlackShades DarkComet Terminator RAT |
| 2012-06-09
⋅
Malwarebytes
⋅
You dirty RAT! Part 1: DarkComet DarkComet |
| 2012-01-01
⋅
Norman ASA
⋅
The many faces of Gh0st Rat Ghost RAT |
| 2011-06-29
⋅
Symantec
⋅
Inside a Back Door Attack Ghost RAT Dust Storm |
| 2011-03-11
⋅
Symantec
⋅
Trojan.Koredos Comes with an Unwelcomed Surprise Lazarus Group |
| 2011-03-11
⋅
Symantec
⋅
Trojan.Koredos Comes with an Unwelcomed Surprise Lazarus Group |
| 2009-07-08
⋅
The Guardian
⋅
Cyber attackers target South Korea and US Lazarus Group |
| 2009-03-28
⋅
Infinitum Labs
⋅
Tracking GhostNet: Investigating a Cyber Espionage Network Ghost RAT GhostNet |